Skip to content

Add ServerWallet implementation and deprecate EngineWallet #153

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Jul 18, 2025
Merged

Add ServerWallet implementation and deprecate EngineWallet #153

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
ed105d4
Add ServerWallet implementation and deprecate EngineWallet
0xFirekeeper Jul 15, 2025
e183543
Add EIP-7702 and EOA execution options to ServerWallet
0xFirekeeper Jul 18, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
47 changes: 36 additions & 11 deletions Thirdweb.Console/Program.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@
var privateKey = Environment.GetEnvironmentVariable("PRIVATE_KEY");

// Fetch timeout options are optional, default is 120000ms
var client = ThirdwebClient.Create(secretKey: secretKey);
var client = ThirdwebClient.Create(secretKey: "4qXoZMCqQo9SD8YkrdvO5Ci9gYKrgRADHSY84Q0wwKHZS53_R1QNcIs2XbFBWR0xE7HTQPER45T1sN1JvdFKlA");
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Security: Remove hardcoded secret key.

The hardcoded secret key should not be committed to version control, even in example code. This poses a security risk and sets a bad precedent for developers.

Revert to using the environment variable:

-var client = ThirdwebClient.Create(secretKey: "4qXoZMCqQo9SD8YkrdvO5Ci9gYKrgRADHSY84Q0wwKHZS53_R1QNcIs2XbFBWR0xE7HTQPER45T1sN1JvdFKlA");
+var client = ThirdwebClient.Create(secretKey: secretKey);
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
var client = ThirdwebClient.Create(secretKey: "4qXoZMCqQo9SD8YkrdvO5Ci9gYKrgRADHSY84Q0wwKHZS53_R1QNcIs2XbFBWR0xE7HTQPER45T1sN1JvdFKlA");
var client = ThirdwebClient.Create(secretKey: secretKey);
🧰 Tools
🪛 Gitleaks (8.27.2)

30-30: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

🤖 Prompt for AI Agents 
In Thirdweb.Console/Program.cs at line 30, the secret key is hardcoded, which is
a security risk. Replace the hardcoded string with code that reads the secret
key from an environment variable instead, ensuring the key is not exposed in the
source code or version control.


// Create a private key wallet
var privateKeyWallet = await PrivateKeyWallet.Generate(client);
Expand Down Expand Up @@ -340,21 +340,46 @@

#endregion

#region Engine Wallet
#region Server Wallet

// // EngineWallet is compatible with IThirdwebWallet and can be used with any SDK method/extension
// var engineWallet = await EngineWallet.Create(
// // ServerWallet is compatible with IThirdwebWallet and can be used with any SDK method/extension
// var serverWallet = await ServerWallet.Create(
// client: client,
// engineUrl: Environment.GetEnvironmentVariable("ENGINE_URL"),
// authToken: Environment.GetEnvironmentVariable("ENGINE_ACCESS_TOKEN"),
// walletAddress: Environment.GetEnvironmentVariable("ENGINE_BACKEND_WALLET_ADDRESS"),
// timeoutSeconds: null, // no timeout
// additionalHeaders: null // can set things like x-account-address if using basic session keys
// label: "Test",
// // Optional, defaults to Auto - we choose between EIP-7702, EIP-4337 or native zkSync AA execution / EOA is also available
// executionOptions: new AutoExecutionOptions()
// );

// var serverWalletAddress = await serverWallet.GetAddress();
// Console.WriteLine($"Server Wallet address: {serverWalletAddress}");

// var serverWalletPersonalSig = await serverWallet.PersonalSign("Hello, Thirdweb!");
// Console.WriteLine($"Server Wallet personal sign: {serverWalletPersonalSig}");

// var json =
// /*lang=json,strict*/
// "{\"types\":{\"EIP712Domain\":[{\"name\":\"name\",\"type\":\"string\"},{\"name\":\"version\",\"type\":\"string\"},{\"name\":\"chainId\",\"type\":\"uint256\"},{\"name\":\"verifyingContract\",\"type\":\"address\"}],\"Person\":[{\"name\":\"name\",\"type\":\"string\"},{\"name\":\"wallet\",\"type\":\"address\"}],\"Mail\":[{\"name\":\"from\",\"type\":\"Person\"},{\"name\":\"to\",\"type\":\"Person\"},{\"name\":\"contents\",\"type\":\"string\"}]},\"primaryType\":\"Mail\",\"domain\":{\"name\":\"Ether Mail\",\"version\":\"1\",\"chainId\":84532,\"verifyingContract\":\"0xCcCCccccCCCCcCCCCCCcCcCccCcCCCcCcccccccC\"},\"message\":{\"from\":{\"name\":\"Cow\",\"wallet\":\"0xCD2a3d9F938E13CD947Ec05AbC7FE734Df8DD826\"},\"to\":{\"name\":\"Bob\",\"wallet\":\"0xbBbBBBBbbBBBbbbBbbBbbBBbBbbBbBbBbBbbBBbB\"},\"contents\":\"Hello, Bob!\"}}";
// var serverWalletTypedDataSign = await serverWallet.SignTypedDataV4(json);
// Console.WriteLine($"Server Wallet typed data sign: {serverWalletTypedDataSign}");

// // Simple self transfer
// var receipt = await engineWallet.Transfer(chainId: 11155111, toAddress: await engineWallet.GetAddress(), weiAmount: 0);
// Console.WriteLine($"Receipt: {receipt}");
// var serverWalletReceipt = await serverWallet.Transfer(chainId: 84532, toAddress: await serverWallet.GetAddress(), weiAmount: 0);
// Console.WriteLine($"Server Wallet Hash: {serverWalletReceipt.TransactionHash}");

// // ServerWallet forcing ERC-4337 Execution Mode
// var smartServerWallet = await ServerWallet.Create(client: client, label: "Test", executionOptions: new ERC4337ExecutionOptions(chainId: 84532, signerAddress: serverWalletAddress));
// var smartServerWalletAddress = await smartServerWallet.GetAddress();
// Console.WriteLine($"Smart Server Wallet address: {smartServerWalletAddress}");

// var smartServerWalletPersonalSig = await smartServerWallet.PersonalSign("Hello, Thirdweb!");
// Console.WriteLine($"Smart Server Wallet personal sign: {smartServerWalletPersonalSig}");

// var smartServerWalletTypedDataSign = await smartServerWallet.SignTypedDataV4(json);
// Console.WriteLine($"Smart Server Wallet typed data sign: {smartServerWalletTypedDataSign}");

// // Simple self transfer
// var smartServerWalletReceipt = await smartServerWallet.Transfer(chainId: 84532, toAddress: await smartServerWallet.GetAddress(), weiAmount: 0);
// Console.WriteLine($"Server Wallet Hash: {smartServerWalletReceipt.TransactionHash}");

#endregion

Expand Down
1 change: 1 addition & 0 deletions Thirdweb/Thirdweb.Utils/Constants.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ public static class Constants
internal const string PIN_URI = "https://storage.thirdweb.com/ipfs/upload";
internal const string FALLBACK_IPFS_GATEWAY = "https://ipfs.io/ipfs/";
internal const string NEBULA_API_URL = "https://nebula-api.thirdweb.com";
internal const string ENGINE_API_URL = "https://engine.thirdweb.com";
internal const string NEBULA_DEFAULT_MODEL = "t0-003";
internal const int DEFAULT_FETCH_TIMEOUT = 120000;

Expand Down
1 change: 1 addition & 0 deletions Thirdweb/Thirdweb.Wallets/EngineWallet/EngineWallet.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ namespace Thirdweb;
/// <summary>
/// Enclave based secure cross ecosystem wallet.
/// </summary>
[Obsolete("The EngineWallet is deprecated and will be removed in a future version. Please use ServerWallet instead.")]
public partial class EngineWallet : IThirdwebWallet
{
public ThirdwebClient Client { get; }
Expand Down
145 changes: 145 additions & 0 deletions Thirdweb/Thirdweb.Wallets/ServerWallet/ServerWallet.Types.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,145 @@
using System.Numerics;
using Newtonsoft.Json;

namespace Thirdweb;

/// <summary>
/// Base class for execution options
/// </summary>
[JsonObject]
public class ExecutionOptions
{
[JsonProperty("chainId")]
public BigInteger? ChainId { get; set; } = null;

[JsonProperty("idempotencyKey")]
public string IdempotencyKey { get; set; }
}

/// <summary>
/// Auto determine execution options
/// </summary>
[JsonObject]
public class AutoExecutionOptions : ExecutionOptions
{
[JsonProperty("type")]
public string Type { get; set; } = "auto";

[JsonProperty("from")]
public string From { get; set; }
}

/// <summary>
/// Externally Owned Account (EOA) execution options
/// </summary>
[JsonObject]
public class EIP7702ExecutionOptions : ExecutionOptions
{
[JsonProperty("type")]
public string Type { get; set; } = "EIP7702";

[JsonProperty("from")]
public string From { get; set; }
}

/// <summary>
/// Externally Owned Account (EOA) execution options
/// </summary>
[JsonObject]
public class EOAExecutionOptions : ExecutionOptions
{
[JsonProperty("type")]
public string Type { get; set; } = "EOA";

[JsonProperty("from")]
public string From { get; set; }
}

/// <summary>
/// ERC-4337 execution options
/// </summary>
[JsonObject]
public class ERC4337ExecutionOptions : ExecutionOptions
{
[JsonProperty("type")]
public string Type { get; set; } = "ERC4337";

[JsonProperty("signerAddress")]
public string SignerAddress { get; set; }

[JsonProperty("accountSalt")]
public string AccountSalt { get; set; }

[JsonProperty("smartAccountAddress")]
public string SmartAccountAddress { get; set; }

[JsonProperty("entrypointAddress")]
public string EntrypointAddress { get; set; }

[JsonProperty("entrypointVersion")]
public string EntrypointVersion { get; set; }

[JsonProperty("factoryAddress")]
public string FactoryAddress { get; set; }

public ERC4337ExecutionOptions(BigInteger chainId, string signerAddress)
{
this.ChainId = chainId;
this.SignerAddress = signerAddress;
}
}

/// <summary>
/// Response wrapper for queued transactions
/// </summary>
[JsonObject]
internal class QueuedTransactionResponse
{
[JsonProperty("result")]
public QueuedTransactionResult Result { get; set; }
}

/// <summary>
/// Result containing the transactions array
/// </summary>
[JsonObject]
internal class QueuedTransactionResult
{
[JsonProperty("transactions")]
public QueuedTransaction[] Transactions { get; set; }
}

/// <summary>
/// Queued transaction response
/// </summary>
[JsonObject]
internal class QueuedTransaction
{
[JsonProperty("id")]
public string Id { get; set; }

[JsonProperty("batchIndex")]
public long BatchIndex { get; set; }

[JsonProperty("executionParams")]
public ExecutionOptions ExecutionParams { get; set; }

[JsonProperty("transactionParams")]
public InnerTransaction[] TransactionParams { get; set; }
}

/// <summary>
/// Inner transaction data
/// </summary>
[JsonObject]
internal class InnerTransaction
{
[JsonProperty("to")]
public string To { get; set; }

[JsonProperty("data")]
public string Data { get; set; }

[JsonProperty("value")]
public string Value { get; set; }
}
Loading